JWT Encoder
Create and encode JSON Web Tokens directly in your browser
⚙️ How It Works
Enter your desired payload as JSON, optionally adjust the header, and provide a signing secret if needed. The tool encodes the header and payload using base64url and generates a signature based on the selected algorithm, producing a complete JWT.
❓ Frequently Asked Questions
Is my data kept private?
Yes. All encoding happens locally in your browser. No payloads, secrets, or tokens are sent to any server.
Can I generate a valid signed JWT?
Yes, if you provide a signing secret and choose a supported algorithm (e.g., HS256). The generated token will include a valid signature based on your input.
Which algorithms are supported?
Typically symmetric algorithms like HS256, HS384, and HS512 are supported. Asymmetric algorithms (e.g., RS256) require private keys and are not usually handled fully in browser-based tools.
Can I use this for production tokens?
This tool is intended for development, testing, and debugging. Production token issuance should always happen on a secure backend.
What happens if I leave the secret empty?
If no secret is provided, the tool may generate an unsigned token (alg: none) or fail to sign depending on implementation. Unsigned tokens are not secure and should not be used in real systems.
What is included in the JWT?
A JWT consists of three parts: Header (algorithm and type), Payload (claims), and Signature (used to verify integrity). This tool constructs all three.
What are standard JWT claims?
Common claims include 'iss' (issuer), 'sub' (subject), 'aud' (audience), 'exp' (expiration), 'iat' (issued at), and 'nbf' (not before). These help define token validity and context.
Can I customize the header?
Yes. You can modify fields like 'alg' and 'typ', but incorrect values may produce invalid or insecure tokens.
Does this tool validate my payload?
No strict validation is enforced. You are responsible for ensuring your payload structure and claims are correct.
Can I generate expired tokens for testing?
Yes. You can manually set the 'exp' claim to a past timestamp to simulate expired tokens.
Is this tool suitable for learning JWTs?
Yes. It's useful for understanding how headers, payloads, and signatures interact in a JWT structure.
Why does my generated token fail verification elsewhere?
Common reasons include mismatched secrets, incorrect algorithms, malformed payloads, or differences in encoding expectations.
Can this create encrypted JWTs (JWE)?
No. This tool generates signed tokens (JWS). Encryption (JWE) requires a different process and key management setup.
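The encoding steps from "How It Works" and the checks behind the empty-secret, expired-token and failed-verification questions, as an added Node.js example (not this tool's own code). The function names, the result shape and the refusal to sign with an empty secret are choices made for this sketch.

```javascript
const crypto = require("node:crypto");

// JWS HMAC algorithm names mapped to Node hash names.
const HASHES = new Map([["HS256", "sha256"], ["HS384", "sha384"], ["HS512", "sha512"]]);
const b64url = (data) => Buffer.from(data).toString("base64url"); // unpadded base64url
const hmac = (alg, secret, input) =>
  crypto.createHmac(HASHES.get(alg), secret).update(input).digest();

// Build header.payload.signature: base64url both JSON parts, then HMAC the joined string.
function signJwt(payload, secret, alg = "HS256") {
  if (!HASHES.has(alg)) throw new Error("unsupported alg: " + alg);
  if (!secret) throw new Error("refusing to sign with an empty secret");
  const input =
    b64url(JSON.stringify({ alg, typ: "JWT" })) + "." + b64url(JSON.stringify(payload));
  return input + "." + b64url(hmac(alg, secret, input));
}

// Verify with an algorithm pinned by the caller; `now` is a Unix time in seconds.
function verifyJwt(token, secret, expectedAlg, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, payload;
  try {
    [header, payload] = parts
      .slice(0, 2)
      .map((p) => JSON.parse(Buffer.from(p, "base64url").toString("utf8")));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  if (!header || !payload || typeof payload !== "object") {
    return { ok: false, reason: "malformed" };
  }
  if (!secret) return { ok: false, reason: "no secret" };
  // The token's own header never selects the algorithm, so "none" is rejected here.
  if (!HASHES.has(expectedAlg) || header.alg !== expectedAlg) {
    return { ok: false, reason: "alg mismatch" };
  }
  const expected = hmac(expectedAlg, secret, parts[0] + "." + parts[1]);
  const given = Buffer.from(parts[2], "base64url");
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  if (typeof payload.exp === "number" && payload.exp <= now) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, payload };
}
```

Passing a fixed `now` makes expiry behaviour reproducible in tests, which is the same effect as setting 'exp' to a past timestamp.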